Can't email to a specific external domain

stetho · February 2, 2025, 3:23pm

I’ve been using MIAB for years with hardly any problems. All of a sudden I can’t email my mum or my sister from any of my MIAB domains. They both have @talk21.com email addresses and when I email them I get

Feb 2 14:53:38 box postfix/smtp[2206]: 8FE8BFC0AF: to=<my-sister@talk21.com>, relay=mx.bt.prod.cloud.openwave.ai[65.20.50.207]:25, delay=1.2, delays=0.19/0.09/0.5/0.46, dsn=5.0.0, status=bounced (host mx.bt.prod.cloud.openwave.ai[65.20.50.207] said: 554 Message rejected on 2025/02/02 14:53:38 GMT, policy (3.2.1.1) ID (679D5121007376AF) - Your message looks like SPAM or has been reported as SPAM (in reply to end of DATA command))

The lines preceding this in the logs are a standard postfix handshake with the remote server and offer no clues.

I am not having any problems sending email to anyone else. So this looks like a “them problem” but I’d like to be certain.

Anyone have any insight?

mokiejovis · February 3, 2025, 4:33pm

Look at the error message:

mx.bt.prod.cloud.openwave.ai[65.20.50.207] said:

554 Message rejected on 2025/02/02 14:53:38 GMT

Your message looks like SPAM or has been reported as SPAM

It looks like their provider is using openwave.ai either to host their email directly or as a spam management service. Your emails are being actively rejected. You should make sure your IP isn’t blacklisted. If it is, start figuring out why and work to fix that. If you’re not on any blacklists, you’ll have to get in contact with the admins at either talk21.com or openwave.ai and figure out how to get removed from the blacklist.

stetho · February 3, 2025, 5:52pm

It turns out that it isn’t my IP address that’s blacklisted, it’s the entire 209.97.187.152/20 subnet that belongs to Digital Ocean. It’s blacklisted by " UCEPROTECTL3 Blacklist" which appears to be a scam organisation who say they won’t remove you directly but if you complain to DO or if you make “donation” they might remove you.

I’ll have to move my mum + sister to a different provider.

mokiejovis · February 3, 2025, 6:06pm

I’m also on Digital Ocean. I’ve spent years building and maintaining a pristine reputation for my IP (which sends very little mail) and I’ve given up trying to keep up with all of the services arbitrarily blocking it. I switched to an external SMTP provider last year and haven’t looked back.

Depending on your volume, there are providers out there you can sign up for and use for free.

stetho · February 4, 2025, 6:47am

It’s personal use. What service are you using and are you using it as a proxy for MIAB or just setting it as your SMTP server in your mail client?

mokiejovis · February 4, 2025, 2:05pm

I’m using SMTP2GO as a relayhost in postfix, which permits 1000 messages per month on the free tier. That means I send messages to my MiaB as usual and those messages are routed to smtp2go’s service by postfix.

Note that you’ll need to make changes to postfix’s main.cf which will not survive an update - you’ll need to save a copy of your main.cf and replace it after upgrading MiaB.

After creating an account with smtp2go, do the following:

Add the relayhost. Update the following config items in /etc/postfix/main.cf:
relayhost = [mail.smtp2go.com]:465
smtp_tls_security_level=encrypt
Add the following config items to the bottom of main.cf:

smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtp_tls_wrappermode = yes

Create the /etc/postfix/sasl_passwd file and put in:
[mail.smtp2go.com]:465 username:password
sudo chmod 600 /etc/postfix/sasl_passwd
sudo postmap /etc/postfix/sasl_passwd
sudo systemctl restart postfix

vele · February 4, 2025, 11:59pm

They claim on their website:
Send transactional emails from your app, general emails from Outlook, or marketing emails with a built-in

Can please send me a test message via this relay, I am interested in the headers.
I will DM you my email.

mokiejovis · February 5, 2025, 12:17am

I found a reply to a conversation we had in May 2024 which has a pastebin of a full message source:

vele · February 5, 2025, 12:38am

What does it say in the
Return-Path:

Your domain or the domain of the relay

mokiejovis · February 5, 2025, 1:41am

It’s a domain that looks like my domain, but is actually a CNAME for return.smtp2go.net.

Return-Path: <bT.ydkcs759ovqy5l6=jzqusc461ab2=bt8wzsvjlmifjt@em580014.redacted.com>

stetho · February 5, 2025, 3:53pm

Thanks. My question was more “who are you using that won’t be subjected to this arbitrary blocking” but the instructions are a bonus for anyone else in this situation.